Article Details

4chan, the 'internet’s litter box,' appears to have been pillaged by rival forum. Source code, moderator info, IP addresses, more allegedly swiped and leaked. Thousands of 4chan users reported outages Monday night amid rumors on social media that the edgy anonymous imageboard had been ransacked by an intruder, with someone on a rival forum claiming to have leaked its source code, moderator identities, and users' IP addresses. If those claims are legit, it's a big deal with potential real-world risks. 4chan is known for its extremist, controversial content — everything from discussions about science and video games to fringe political conspiracies and trolling to leaked nudes, and offensive, violent words and images. As of this writing, 4chan was back online but loading slowly. The outages, according to Downdetector, began around 1900 EST on April 14, with a peak of more than 1,000 user complaints. The last post before 4chan went down was a Jack Black "Chicken Jockey" meme from the Minecraft movie. After posting "4chan, the internet's litter box, got hacked" on BlueSky, Kevin Beaumont, director of emerging threats at Arcadia Group, said he suspected the site "will be down for a while, looks like a pretty comprehensive [compromise] including SQL databases, source and shell access." Reports from social media and forum posts suggest 4chan was operating on an outdated version of PHP, the open-source scripting language used for web development. While The Register hasn't verified the claims, it's alleged 4chan was running a nearly decade-old buggy version of PHP and used a deprecated function to interact with its MySQL database. A 4chan splinter site called soyjack party, aka sharty, claimed to be behind the security breach, and posted what they alleged was a ton of internal data on their rival website, including source code and info on moderators and lower-level mods called janitors. The leak reportedly included [.]edu and [.]gov email addresses. "Their board on 4chan /qa/ was banned 4 years ago and so they've been biding their time, I guess. As part of the hack they reinstated their banned board. Lol," Xeeted journalist Alex Goldman, referring to 4chan's Q&A message board. The hack-and-leak has spurred further speculation that 4chan may be a federal law enforcement honeypot, and now that some of the moderators have reportedly been doxxed, it could put them at personal risk. 4chan did not immediately respond to The Register's questions about the alleged compromised. We will update this story if and when we hear back.